About Our Guests

Rob Martin has been with the FinOps Foundation for four years, currently focusing on the AI working group, ITAM initiatives, and the rapidly growing public sector adoption. His experience spans training development and strategic initiatives that have helped shape the foundation’s direction during a period of explosive growth.

Mike Fuller is one of the founding members of the FinOps Foundation and co-author of the Cloud FinOps book. As a member of the Focus project steering committee, he’s been instrumental in developing the specification that’s standardizing cloud billing data across the industry.

Graham Murphy serves as Director of SaaS P&L for Technology One in Brisbane. With 8-9 years in FinOps and recently nominated as both a FinOps Ambassador and Focus Ambassador, Graham brings a practitioner’s perspective from the APAC region and insights on implementing Focus in a SaaS environment.

Conference Growth and Evolution

The 2025 FinOps X conference in San Diego marked a significant milestone with approximately 2,000 attendees—a substantial increase from the previous year. Despite the larger venue, the conference maintained its intimate feel, allowing for meaningful connections and knowledge sharing.

2:49 Graham: “AI definitely grew a lot this year. A lot more talk about how you go about managing AI, how FinOps is going to drive better value out of your AI investments. And also just a lot of people trying to understand where to start.”

The conference format evolved with more senior leadership participation, including executives from PepsiCo, Ticketmaster, and Nubank sharing their FinOps journeys. The quality of presentations notably improved, with practitioners willing to share deeper insights into their mature FinOps programs.

The Cloud Plus Revolution

A dominant theme throughout the conference was the expansion beyond traditional cloud cost management into what the foundation calls “Cloud Plus”—encompassing SaaS, data center, licensing, and AI costs.

4:31 Mike: “We saw that sort of echoed quite well across many of the breakout sessions by practitioners exactly how they’re sort of incorporating other costs into the conversation of their practices.”

6:56 Rob: “Ticketmaster said something that I loved, which was that they were ‘happily hybrid’… we understand that we’ve got all these different modalities that we’re going to use to deliver value—SaaS models and data center models and cloud models.”

This shift represents a fundamental change in how organizations view FinOps, moving from a cloud-specific practice to a comprehensive IT financial management approach.

Focus 1.2: The Game Changer

The release of Focus 1.2 at the conference marked a pivotal moment for billing data standardization. The specification now includes support for SaaS costs and virtual currencies like tokens and credits—critical for AI and modern consumption-based pricing models.

16:23 Mike: “The big tagline for Focus 1.2 was sort of keeping up with how FinOps is approaching that Cloud Plus world with the introduction of columns that really help bring in SaaS costs.”

Focus Adoption Momentum

The adoption curve for Focus has been remarkable:

19:53 Rob: “Last year, people were saying ‘Tell me what is Focus?’ In Barcelona, they asked ‘How do I actually start using it?’ This year, almost every conversation was ‘I’m trying to get my data into Focus, and this is how we’re doing it.'”

Major milestones include:

• AWS and Microsoft announcing Focus 1.2 support
• Grafana, Databricks, and Snowflake joining as data generators
• European Union standardizing on Focus for inter-agency billing
• UK, Japanese, Canadian, and Brazilian governments adopting Focus as their standard

AI: From Experimentation to Operation

The transformation in AI cost management over the past year has been dramatic. Organizations have moved from wondering if they should worry about AI costs to actively managing significant AI spending.

13:31 Rob: “We’ve got private connections to some customers where we’re serializing 400 gigabits per second line rate to them, so that they can very, very rapidly move libraries of data to tightly schedule back to back with perhaps maybe a GPU farm instance.”

The Dual AI Challenge

Organizations face two distinct AI-related challenges:

1. FinOps for AI: Managing the costs of AI workloads, including training, inference, and data movement
2. AI for FinOps: Using AI to enhance FinOps practices through automation and intelligent recommendations

25:42 Graham: “We did a top down view, and we did a bottom up view… What was interesting is we intersected almost perfectly across the middle in what we had forecast the spend/cost profile might look like.”

Maturity Paradox: Still No Runners

Despite the growth and sophistication of tools and practices, the community continues to acknowledge that “there are no runners” in FinOps maturity.

8:10 Graham: “There is still quite a lot of people in that crawl/walk phase… As the keynotes alluded to as well, there are no runners. And it still seems to be quite true.”

This reflects the rapidly evolving nature of cloud technology, pricing models, and the continuous expansion of FinOps scope into new areas.

Practitioner Specialization Emerging

The conference revealed a trend toward specialization within FinOps practices:

32:51 Justin: “I think you’re going to see people who get kind of more into specialized areas of the FinOps frameworks… I’m really big on the data part of it. I’m really big about the strategic application of that data into my business.”

This specialization is reflected in the new framework’s “scopes” concept, allowing practitioners to focus on specific technology areas or cost domains while maintaining alignment with overall business strategy.

From Cost to Value Conversations

A significant shift in FinOps messaging emerged at the conference—moving from cost-focused discussions to value and efficiency conversations.

35:50 Graham: “If you keep going to your engineers and say, ‘Hey, listen, your costs are out of control’… that will start to get people offside. But if you can start to talk to them about efficiency and scaling quicker and providing better value to the customer, that’s much more valuable.”

Key Challenges Ahead

Exchange Rate Volatility

38:53 Graham: “Managing exchange rate fluctuations and how vendors can hit you in your underlying costs… That’s our next challenge for the next 12 months.”

Sustainability Divide

41:12 Mike: “There’s a pocket of the community that really has a high desire for sustainability… there’s a lot of organizations that aren’t prioritizing the sustainability conversation in the FinOps space yet.”

Data Center Depth

43:42 Rob: “Most people who were reporting on data center costs… were really focusing on understanding usage and cost… But they weren’t really optimizing a lot in those areas yet.”

Notable Sessions and Highlights

Nubank’s Hypergrowth Story

The keynote featuring Nubank’s journey from zero to 100+ million customers in five years demonstrated the framework’s scalability and adaptability under extreme growth conditions.

The Four Cloud Providers Unite

For perhaps the only conference where it happens, all four major cloud providers (AWS, Azure, Google Cloud, and presumably Oracle) appeared on stage together during day one—a testament to FinOps’ unique position in the industry.

Chalk Talks Shine

The intimate chalk talk format proved particularly valuable, with practitioners engaging in deep, interactive discussions about specific challenges and solutions.

Quotes from Today’s Show

On Framework Evolution: “It’s not just cost management anymore… My drivers are very much around the value and efficiency side of things.”

On AI Impact: “The way that this customer cohort has changed over the last two years is nothing short of astonishing.”

On Focus Adoption: “The word is out and the excitement is out about it, and now we’re down to the implementation details.”

On Public Sector Leadership: “This is one of the areas where public sector is really, I think, in many ways, advanced over private sector organizations.”

On Practitioner Challenges: “There’s never been enough time to do all the FinOps you want. But now there’s going to be even more as it starts to expand into Cloud Plus.”

Looking Ahead

FinOps X Days 2025

• São Paulo
• Amsterdam
• Washington, DC
• India (details TBA)

FinOps X 2026

Save the Date: June 8-11, 2026 in San Diego Rob emphasizes this is “called family planning for a reason”—book your calendars now!

Resources and Links

• FinOps Foundation: finops.org
• FinOps X Conference: finopsx.finops.org
• Focus Specification: Latest 1.2 release documentation
• State of FinOps Report: Annual survey results
• FinOps for AI Training: New series available through the foundation

Final Thoughts

FinOps X 2025 demonstrated that the practice has definitively moved beyond its cloud cost management origins. With Focus 1.2 providing the standardization backbone, government adoption driving private sector compliance, and AI creating both challenges and opportunities, FinOps practitioners are positioned at the center of IT financial transformation.

The expansion into “Cloud Plus” reflects the reality that modern IT environments are hybrid by default, requiring holistic approaches to cost management across cloud, SaaS, data center, and emerging technologies. As organizations mature in their cloud journey, FinOps evolves from a cost-control function to a strategic enabler of business value through technology efficiency.

The message is clear: FinOps is no longer just about managing cloud costs—it’s about optimizing the entire technology investment portfolio to drive business outcomes.

Visit thecloudpod.net to subscribe to the show, join our Slack channel, or sign up for our weekly newsletter. For sponsorship opportunities and to reach our audience, visit our sponsorship page.

Thanks to Rob Martin, Mike Fuller, and Graham Murphy for joining us, and thank you for listening to TCP Talks!

About Backblaze

Backblaze started in 2007 with a simple mission: make storage so affordable it’s almost free. The company gained early notoriety for their DIY approach to storage infrastructure, with founders literally bending metal in apartments and conducting “gorilla storage purchasing” raids at Bay Area Best Buys and Fry’s Electronics to build their custom red storage pods. This scrappy, cost-conscious DNA remains central to the company’s identity today.

In September 2015, Backblaze made their enterprise pivot with the launch of B2 Cloud Storage, entering the market at one-quarter the cost of Amazon S3. By December of that launch year, they had already attracted over 30,000 users. Today, Backblaze (NASDAQ: BLZE) manages approximately 4.7 exabytes of data across 310,000+ drives, serving over 500,000 customers in 175 countries.

What sets Backblaze apart isn’t just their pricing—it’s their philosophy. While hyperscalers have built complex storage tiers with Byzantine billing structures, Backblaze offers one tier of hot storage with transparent, predictable pricing. Their recent push into AI workloads with B2 Overdrive demonstrates their ability to evolve with market demands while maintaining their core value proposition.

About Chris Opat

Chris Opat joined Backblaze as SVP of Cloud Operations in 2023, bringing over 25 years of experience in building teams and technology at startup and scale-up companies. Before Backblaze, he served as SVP of Platform Engineering and Operations at StackPath, specializing in edge technology and content delivery.

His background includes extensive work with private equity portfolio companies, where he honed his skills in rapid transformation and growth. Chris describes himself as someone who thrives in “David vs. Goliath” scenarios, making Backblaze—with its mission to challenge the hyperscaler incumbents—a perfect fit. His passion for building exceptional technical teams and pushing technological boundaries aligns perfectly with Backblaze’s innovative culture.

Interview Highlights

The David vs. Goliath Mentality

3:15 Chris: “Nothing makes me happier than to watch a customer choose us over the incumbent competitors and have an exceptionally good experience. It’s easy to work for the incumbents and kind of win all the time. It feels so much better when you do it as the upstart that people don’t see coming.”

Chris emphasized how Backblaze offers a fundamentally different partner experience compared to hyperscalers. While AWS, Azure, and Google Cloud may provide excellent services, they often lack the personal touch and flexibility that smaller customers need. At Backblaze, customers can directly influence product strategy and speak with decision-makers who shape the company’s direction.

Egress Fees: The Hidden Tax of Cloud Storage

7:59 Chris: “Everybody who uses a hyperscaler is very familiar with the taxation of egress fees. It’s not a trivial subject… If you don’t know what you’re doing with a hyperscaler, egress fees can quickly sour your experience. They can drain your budget.”

The discussion on egress fees revealed one of Backblaze’s key differentiators: their no egress fee policy through their Bandwidth Alliance partnerships. Chris shared a compelling example of a customer who saved hundreds of thousands of dollars on egress fees in their first year with Backblaze. This transparent pricing model contrasts sharply with hyperscalers, where egress costs can spiral out of control.

When asked about recent announcements from Google and Amazon regarding “free” egress, Chris didn’t mince words:

10:07 Chris: “The devil’s in the details… The only way that they honor the free egress for repatriating your data is if you cancel all the services, and the cancellation timeframe… it’s something pretty brisk. It’s like 90 days or something.”

AI Workloads: The New Frontier

The conversation revealed how dramatically Backblaze’s customer base has evolved, particularly with AI workloads:

13:31 Chris: “We’ve got private connections to some customers where we’re serializing 400 gigabits per second line rate to them, so that they can very, very rapidly move libraries of data to tightly schedule back to back with perhaps maybe a GPU farm instance that they’ve got booked.”

This represents a massive shift from their traditional backup use cases. The new B2 Overdrive product specifically addresses these high-bandwidth needs, offering performance levels that Chris claims most competitors “will not entertain giving you… They just flat out won’t.”

The Scale Challenge

Managing 4.7 exabytes across 310,000+ drives requires sophisticated capacity planning:

12:00 Chris: “It’s a full-time science to be fair. We’ve got people who are fully dedicated to this, and that’s what they do all day… We do nightly linear regressions on the installed environment.”

Chris described the “triangle of tension” between reads, writes, and deletes on drives, explaining how they must carefully balance IOPS to ensure no customer experiences performance degradation. The shift from predictable consumer backup patterns to volatile AI workload demands has made this exponentially more complex.

Data Sovereignty and Compliance

With increasing global regulations around data privacy, Backblaze has invested heavily in ensuring compliance:

28:31 Chris: “When we designed our cluster in Toronto, data privacy and data sovereignty and security is taken extremely seriously there… We very, very carefully curated our network in market to ensure that Canadian customers would have their traffic ingress and egress through Canadian providers end to end.”

This attention to data sovereignty extends beyond just storage location—it includes network routing, ensuring data never leaves jurisdictional boundaries unless explicitly requested by the customer.

Green Initiatives and Sustainability

The discussion touched on the growing importance of environmental considerations in data center operations:

31:55 Chris: “When we do a site selection process, we want to make sure that… their PUE and their operating profile fits what matches our personality… Being able to pass along a high efficiency PUE to a customer, it’s great for business.”

Chris highlighted their Stockton, California facility as an example of their commitment to efficiency, noting it has “one of the most incredible PUEs ever.”

Key Takeaways

1. Simple Pricing Wins

Backblaze’s flat-rate, single-tier storage model eliminates the complexity of hyperscaler billing. No glacial retrieval fees, no complex lifecycle policies—just predictable costs.

2. Egress Freedom Matters

The Bandwidth Alliance and no-egress-fee policy aren’t just marketing—they represent fundamental architectural decisions that save customers real money, especially for AI/ML workloads that require frequent data access.

3. Performance at Scale

B2 Overdrive’s ability to deliver 400 Gbps demonstrates that alternative cloud providers can match or exceed hyperscaler performance for specific use cases.

4. Location Strategy is Key

Strategic placement near GPU compute farms and careful attention to data sovereignty requirements shows Backblaze understands modern workload requirements.

5. The Human Touch

Unlike hyperscalers where you need significant spend to get personal attention, Backblaze offers direct access to decision-makers and the ability to influence product direction.

Technical Deep Dives

Storage Architecture Evolution

Chris revealed that Backblaze has moved beyond their famous DIY storage pods to work with OEM partners, enabling them to scale more efficiently while maintaining cost advantages. They’re also exploring flash storage integration to better serve high-IOPS workloads, particularly for AI inference use cases.

Network Infrastructure

The emphasis on peering relationships and private network interconnects (PNIs) demonstrates sophisticated network planning. Customers can specify routing preferences, including requirements for traffic to never transit the public internet.

Capacity Planning for AI

The shift from predictable backup workloads to volatile AI demands has required new approaches:

• Nightly linear regression analysis
• Real-time monitoring of the read/write/delete “triangle of tension”
• Flexible OEM partnerships for rapid capacity expansion
• Strategic geographic expansion to reduce latency to compute resources

Industry Implications

Chris’s insights suggest several important trends:

1. The Egress Fee Backlash is Real: Hyperscaler “free egress” offers come with significant strings attached, validating alternative providers’ criticism of these practices.
2. AI Changes Everything: Traditional storage patterns don’t apply to AI workloads. Providers must offer both massive bandwidth and flexible data lifecycle management.
3. Hybrid Cloud is the Future: Customers want to use best-of-breed solutions, not be locked into a single provider’s ecosystem.
4. Compliance Complexity is Growing: Data sovereignty isn’t just about location—it’s about network paths, audit trails, and provable data destruction.

Quotes from Today’s Show

On Customer Experience: “You probably can talk to people at Backblaze that are very influential, that are shaping the strategy of what we do. There’s every opportunity to help us guide part of our product strategy.”

On Pricing Transparency: “Customer: “Sometimes we’re not even sure you’re storing our data. Like, how do you do it for so little money? Like, what’s the trick behind the curtain?” Chris: It’s like, No, trust us. We’ve got all your data. It’s got 11 nines of durability, and it’s all there.”

On AI Workload Patterns: “The rate of churn of the data is also an occasional topic where customers say, ‘All right, we’re finished with that library. Let’s get rid of it, and let’s bring on a whole new library of data.'”

On Market Position: “We’re knocking up wins on the board every week, and that feels terrific. It’s easy to work for the incumbents and kind of win all the time. It feels so much better when you do it as the upstart.”

On Data Sovereignty: “That data is not leaving the borders of Canada unless there’s some kind of a very large catastrophe, which we don’t want to imagine.”

Resources and Links

• Backblaze Website: backblaze.com
• B2 Cloud Storage: backblaze.com/b2
• Backblaze YouTube Channel: Featured historical content about their DIY storage journey
• Hard Drive Stats Reports: Their famous drive reliability data
• Connect with Chris Opat: LinkedIn

Final Thoughts

This TCP Talks episode reveals how Backblaze has evolved from a scrappy backup startup to a serious enterprise storage contender. Chris Opat’s insights demonstrate that competing with hyperscalers isn’t just about price—it’s about understanding customer pain points around egress fees, performance requirements for AI workloads, and the need for genuine partnership.

As AI workloads continue to drive massive storage demands and data sovereignty regulations become more complex, Backblaze’s approach of simple pricing, no egress fees, and strategic geographic expansion positions them well for continued growth. Their recent B2 Overdrive launch shows they’re not content to just be the budget option—they’re actively competing on performance for the most demanding workloads.

For organizations evaluating cloud storage options, particularly those with AI/ML workloads or significant data egress needs, this conversation provides valuable insights into why alternative providers deserve serious consideration alongside the hyperscaler incumbents.

Visit thecloudpod.net to subscribe to the show, join our Slack channel, or sign up for our weekly newsletter. For sponsorship opportunities and to reach our audience, visit our sponsorship page.

Thanks to Chris Opat for joining us, and thank you for listening to TCP Talk

Keywords

Takeaways

• FinOps practices have evolved to focus on making processes more operational and improving decision-making in businesses.
• The FinOps Foundation has seen significant growth, with over 100 members, including major cloud providers.
• The Focus project, an open billing standard, aims to consolidate billing data from different cloud providers and enable more effective cost allocation.
• The adoption of FinOps practices by SaaS companies is increasing, with a focus on consumption-based licensing management.
• The future of the FinOps space includes expanding the Focus project to include sustainability data and additional usage-based data. The FinOps framework has been updated to include allied personas and simplified domains and capabilities.
• Finops-X conference provides valuable content, networking opportunities, and career advancement for attendees.
• Finops-X Europe conference in Barcelona offers a focused event for the European market.
• The conversation also mentions the importance of small businesses attending the conference and the success stories of attendees.

Sound Bites

• “How do I make these processes much more operational? How do I affect the broader decision-making going on in my business?”
• “The Focus project… will consolidate or specify how billing data should come from the different cloud providers.”
• “The Focus project… essentially handles the data ingestion problem that has plagued a lot of organizations early on.”
• “The two big changes that happened this year were the addition of a lot of allied personas.”
• “We’ve simplified those down into four key domains.”
• “What other things are you guys excited about for Finops-X?”

About Joe Daily & Rob Martin

Joe Daly is a Director of Community for the FinOps Foundation, which is kind of like sitting at the largest lunch table in Middle School, but with less vaping.  He’s had illustrious careers as a CPA (the Statute of Limitations has past for all tax returns he prepared and he has let his CPA expire), Corporate Taxation, IT Finance & Accounting, IT Portfolio Management, a regrettable stint as Manager of Server Operations, and has started two teams that perform what has come to be known as FinOps.  He lives in Columbus, OH and enjoys copying off Rob. Go Captains!

Rob Martin is a FinOps Principal at the FinOps Foundation, which is kind of like being a Middle School Principal, but with less vaping. He’s had illustrious careers at Accenture, the US Department of Justice, Amazon Web Services, and Cloudability, and less lustrious jobs at a few other places. He now spends his time collecting, developing, and distributing FinOps content among the huge global community of people who deliver value from cloud. He lives in Leesburg, VA, and enjoys games (including the FinOps Boardgame!), hiking, and announcing for his son’s high school soccer team. Go Captains!

Chapters

• 00:00 Introduction and Overview
• 02:32 The Evolution of FinOps Practices
• 05:19 The Growth of the FinOps Community
• 06:18 The Importance of the Focus Project
• 09:29 Adoption of FinOps Practices by SaaS Companies
• 12:35 The Future of the FinOps Space
• 24:29 The Value of Finops-X Conference
• 28:29 Finops-X Europe: A Focused Event for the European Market
• 29:32 Success Stories and Career Advancement at Finops-X

Learn More:

• Finops Foundation
• Finops Foundation on Twitter
• Finops-X
• Subscribe to The Cloud Pod

Background

Rackspace Technology, commonly known as Rackspace, is a leading multi-cloud solutions provider headquartered in San Antonio, Texas, United States. Founded in 1998, Rackspace has established itself as a trusted partner for businesses seeking expertise in managing and optimizing their cloud environments.

The company offers a wide range of services aimed at helping organizations navigate the complexities of cloud computing, including cloud migration, managed hosting, security, data analytics, and application modernization. Rackspace supports various cloud platforms, including AWS, Azure, and GCP, among others. 

Rackspace prides itself on its “Fanatical Experience” approach, which emphasizes delivering exceptional customer support and service. This commitment to customer satisfaction has contributed to Rackspace’s reputation as a reliable and customer-centric provider in the cloud computing industry. 

Meet Travis Runty, CTO of Public Cloud for Rackspace Technology

Beginning his career with Rackspace as a Linux engineer, Travis has spent the last 15 years working his way through multiple divisions of the company, including 10 years in senior and director level positions. Most recently, Travis served as VP of Technical Support of Global Cloud Operations from 2020-2022. 

Travis is extremely passionate about building and leading high performance engineering teams and delivering innovative solutions. Most recently, as a member of their technology council, Travis wrote an article for Forbes – Building a Cloud-Savvy Workforce: Empowering Your Team for Success – where he discussed best practices for prioritizing workforce enablement, especially when it comes to training and transformation initiatives. 

Interview Notes:

In the main show, TCP has been talking a lot about Cloud / hybrid cloud / multi-cloud and repatriating data back to on prem, and today’s guest knows all about those topics. 

Rackspace has had quite a few phases in their journey to public cloud – including building a data center in an unused mall, introducing managed services, creating partnerships with VMware, an attempt to go head to head with the hyperscalers, and then ultimately focusing on public cloud and instead partnering with the hyperscalers. 

Rackspace has both a focus on private and public cloud; when it comes to private cloud they focus mainly on VMware and OpenStack, whereas in the public cloud side, Rackspace partners with the hyperscalers to assist clients with their cloud journey. 

Quotes from today’s show 

Travis: “We want to make sure that when a customer goes on their public cloud journey, that they actually have a robust strategy that is going to be effective. From there, we’re able to leverage our professional services teams to make sure that they can realize that transformation, and hopefully there *is* a transformation, and it’s not just a lift and shift.”

Travis: “A conflict that we continuously have to strike the balance of is when do we apply a cloud native solution, and where do we apply the Rackspace elements on top. The hyperscalers technology is the best there is, and we’re probably not going to create a better version of “x” than AWS does – nor do we want to.”

Travis: “We favor cloud native. Every single time we’re going to favor the platform’s native solution, unless the customer has a really really strong opinion about being vendor locked. Which sometimes they do. And if that’s the case we can establish a solution that gives them that portability. But for right now, the customers are generally preferring cloud native solutions.”

Background

Sonrai (pronounced Son-ree, which means data in Gaelic) was founded in 2017. Sonrai provides Cloud Data Control, and seeks to deliver a complete risk model of all identity and data relationships, which includes activity and movement across cloud accounts, providers, and third party data stores.

Try it free for 14 days

Start your free trial today

Meet Sandy Bird, Co founder of Sonrai Security

Sandy is the co-founder and CTO of Sonrai, and has a long career in the tech industry. He was the CTO and co-founder of Q1 Labs, which was acquired by IBM in 2011, and helped to drive IBM security growth as CTO for global business security there. 

Interview Notes:

One of the big questions we start the interview with is just how has IAM evolved – and what kind of effect have those changes had on the identity models?  Enterprise wants things to be least privilege, but it’s hard to find the logs. In cloud, however *most* things are logged – and so least privilege became an option. 

Sonrai offers the first cloud permissions firewall, which enables one click least privilege management, which is important in the current environment where the platforms operate so differently from each other. With this solution, you have better control of your cloud access, limit your permissions, attack surface, and automate least privilege – all without slowing down DevOps2. 

Is the perfect policy achievable? Sandy breaks it between human identities and workload identities; they’re definitely separate. He claims, in workload identities the perfect policy is probably possible. Human identity is hugely sporadic, however, it’s important to at least try to get to that perfect policy, especially when dealing with sensitive information. One of the more interesting data pieces they found was that less than 10% of identities with sensitive permissions actually used them – and you can use the information to balance out actually handing out permissions versus a one time use case. 

Sonrai spent a lot of time looking at new solutions to problems with permissions; part of this includes purpose-built integration, offering a flexible open GraphQL API with prebuilt integrations. 

Sonrai also offers continuous monitoring; providing ongoing intelligence on all the permission usage – including excess permissions – and enables the removal of unused permissions without any sort of disruptions. Policy automation automatically writes IAM policies tailored to access needs, and simplifies processes for teams. 

On demand access is another tool that gives on demand requests for permissions that are restricted with a quick and efficient process. 

Quotes from today’s show 

Sandy: “The unbelievably powerful model in AWS can do amazing things, especially when you get into some of the advanced conditions – but man, for a human to understand what all this stuff is, is super hard. Then you go to the Azure model, which is very different. It’s an allow first model. If you have an allow anywhere in the tree, you can do whatever is asked, but there’s this hierarchy to the whole thing, and so when you think you want to remove something you may not even be removing it., because something above may have that permission anyway. It’s a whole different model to learn there.” 

Sandy: “Only like 8% of those identities actually use the sensitive parts of them; the other 92 just sit in the cloud, never being used, and so most likely during that break loss scenario in the middle of the night, somebody’s troubleshooting, they have to create some stuff, and overpermission it . If we control this centrally, the sprawl doesn’t happen.”

Sandy: There is this fear that if I remove this identity, I may not be able to put it back the way it was if it was supposed to be important… We came up with a secondary concept for the things that you were worried about… where we basically short circuit them, and say these things can’t log in and be used anymore, however we don’t delete the key material, we don’t delete the permissions. We leave those all intact.” 

In this episode, Andrew Krug talks about Datadog as a security observability tool, shedding light on some of its applications as well as its benefits to engineers.

Andrew is the lead in Datadog Security Advocacy and Datadog Security Labs. Also a Cloud Security consultant, he started the Threat Response Project, a toolkit for Amazon Web Services first responders. Andrew has also spoken at Black Hat USA, DEFCON, re:Invent, and other platforms..

DataDog Product Overview

Datadog is focused on bringing security to engineering teams, not just security people. One of the biggest advantages of Datadog or other vendors is how they ingest and normalize various log sources. It can be very challenging to maintain a reasonable data structure for logs ingested from cloud providers.

Vendors try to provide customers with enough signals that they feel they are getting value while trying not to flood them with unactionable alerts. Also, considering the cloud friendliness for the stack is crucial for clients evaluating a new product.

Datadog is active in the open-source community and gives back to groups like the Cloud native computing foundation. One of their popular open-source security tools created is Stratus-red-team which simulates the techniques of attackers in a clean room environment. The criticality of findings is becoming a major topic. It is necessary when evaluating that criticality is based on how much risk applies to the business, and what can be done.

One of the things that teams struggle with as high maturity DevOps is trying to automate incident handling or response to critical alerts as this can cause Configuration Drift which is why there is a lot of hesitation to fully automate things. Having someone to make hard choices is at the heart of incident handling processes.

Datadog Cloud SIEM was created to help customers who were already customers of logs. Datadog SIEM is also very easy to use such that without being a security expert, the UI is simple. It is quite difficult to deploy a SIEM on completely unstructured logs, hence being able to extract and normalize data to a set of security attributes is highly beneficial. Interestingly, the typical boring hygienic issues that are easy to detect still cause major problems for very large companies. This is where posture management comes in to address issues on time and prevent large breaches.

Generally, Datadog is inclined towards moving these detections closer to the data that they are securing, and examining the application run time in real-time to verify that there are no issues. Datadog would be helpful to solve IAM challenges through CSPM which evaluates policies. For engineering teams, the benefit is seen in how information surfaces in areas where they normally look, especially with Datadog Security products where Issues are sorted in order of importance.

Security Observability Day is coming up on the 18th of April when Datadog products will be highlighted; the link to sign up is available on the Datadog Twitter page and Datadog community Slack. To find out more, reach out to Andrew on Twitter @andrewkrug and on the Datadog Security Labs website.

Top Quotes

• “I think that great security solutions…start with alerts that you are hundred percent confident as a customer that you would act on”
• “When we talk about the context of ‘how critical is an alert?’ It is always nice to put that risk lens on it for the business”
• “Humans are awesome unless you want really consistent results, and that’s where automating part of the process comes into play”
• “More standardization always lends itself to better detection”

Ravi Mayuram is CTO of Couchbase. He is an accomplished engineering executive with a passion for creating and delivering game-changing products for startups as well as Fortune-500 industry-leading companies.

Notes

Couchbase set out to build a next-generation database. Data has evolved greatly with IT advancements. The goal was to build a database that will connect people to the newer technologies, addressing problems that relational systems did not have to solve. The fundamental shift is that earlier systems were internally focused, built for trained users but now the systems are built directly for consumers. This shift also plays out in the vast difference in the number of consumers now interacting with these systems compared to the fewer trained users previously interacting with the systems.

One of the key factors that sets Couchbase apart is the No-SQL Database. It is a database that has evolved by combining five systems; a Cache and Key-value store, a Document store, a Relational document store, a Search system, and an Analytical system. Secondly, Couchbase performs well in the geo-distributed manner such that with one click, data is made available across availability zones. Lastly, all of this can be done at a large scale in seconds.

Regarding the global database concept that Google talks about, a globally consistent database may not be needed by most companies. The performance will be the biggest problem as transaction speed will be considerably low. Couchbase does these transactions locally within the data center and replicates them on the other side. The main issue of relational systems is that they make you pay the price of every transaction no matter how minor, but with Couchbase, it is possible to pay only the cost only with certain crucial transactions.

Edge has become a part of the enterprise architecture even such that people now have edge-based solutions. Two edges are emerging; the Network edge and the Tool edge where people are interfacing. Couchbase has built a mobile database available on devices, with sync capability.

As a consumer, the primary advantage of bringing data closer to the consumer is the latency issue. Often, data has to go through firewalls and multiple steps which delays it but this is the benefit of Couchbase. The user simply continues to have access to the data while Couchbase synchronizes the data in the back.

One of the applications of Couchbase in healthcare is insulin tracking. With many devices that monitor insulin which must work everywhere you go, Couchbase Lite does the insulin tracking, keeps the data even in the absence of a network, and later syncs it for review by healthcare professionals. This is also useful in operating rooms where the network is not accessible. The real benefit is seen when the data eventually gets back to the server and can be interpreted to make decisions on patient care.

The Couchbase Capella Service runs in the cloud and allows clients to specify what data should be sent to the edge and what should not be. This offers privacy and security measures, such that even in the loss or damage of a device, the data is secure and can be recovered. To effectively manage edge in devices, a lot of problems must be addressed to make it easier.

One of the concerns for anyone coming into Couchbase Capella is the expense of data extraction from the cloud, however, Couchbase is available on all three cloud providers. Also, with Couchbase, there is no need to keep replicating data as you can work on the data without moving it, which largely saves costs.

Other use cases for Couchbase include information for flight bookings, flight crew management systems, hotel reservations, and credit card payments. To learn more, visit the Couchbase website. There is also a free trial for the Couchbase Capella Service.  

Top Quotes

• “The modern database has to do more than what the old database did”
• “Managing edge in devices is not an easy thing, and so you have to solve a lot of problems so it becomes easier”

In this episode, Daniel explains a new strategy towards observability aimed at contextualizing large volumes of data to make it easier for users to identify the root cause of problems with their systems.

Daniel Kim is a Principal Developer Relations Engineer at New Relic and the founder of Bit Project, a 501(c)(3) nonprofit dedicated to making tech accessible to under-served communities. His job is basically to get developers excited about Observability, and he hopes to inspire students to maximize their potential in tech through inclusive, accessible developer education. He is passionate about diversity and inclusion in tech, good food, and dad jokes.

Show Notes

First, it is important to differentiate between monitoring and observability. Monitoring is basically when a code is instrumented to send data to a backend, to give answers to preconceived questions. With Observability, the goal is to monitor your system so as to later ask questions that were not in mind during the instrumentation of the system. Hence, if something new comes up you can find the root cause without modifying the code. There are so many levels of things to check when troubleshooting to find the cause of a problem, and this is where observability comes in.

There are different use cases for logs, metrics, and traces; Logs are files that record events, warnings, or errors however logs are ephemeral which means there is increased risk of losing a lot of data. A system needs to be in place to move logs to a central source. Another issue with logs is that it is poorly structured data. Logs are good to have as the last step of observability. Metrics and traces can however help to narrow down where to search in the logs to solve an issue.

Metrics are measurements that reflect the performance or health of your applications. They give an overview of how the systems are doing but tend to not be very specific in finding the root cause of a problem; other forms of data have to be adopted to get a clear picture. This is where Traces come in.

Traces are pieces of data that track a request as it goes through the system. Because of this, they can identify the root cause of an error or bottlenecks slowing down the system. However, they are very expensive and as such sampling is used when tracing but this reduces the accuracy of traces. Correlating information from logs, metrics, and traces gives a full clear picture for debugging to be carried out successfully. A lot of New Relic customers strive to get more pieces of data to get errors faster.

To balance the right data at the right time with the right cost, the first step when collecting large amounts of data is to find out how your organization is leveraging the data. A quick audit of the data to identify useful data is helpful. This can be done monthly or quarterly. Unstructured logs are difficult to aggregate

In the cloud native space, being able to be compatible with as many people as possible will determine the winners because there are many projects people use in production. Projects that are compatible with many other projects are the way forward.

APM is still very useful to understand application performance and in the future, data from all sources will be correlated to figure out the cause of a problem. Getting value very early from the system involves having a solid infrastructure and installing APM. The real power of full stack observability is getting data from different parts of your stack so you can diagnose what part of your system is going wrong. Leveraging AI to make sense of large amounts of data for engineers is going to be a huge plus.

A lot of vendors claim that their alert systems will automatically generate all alerts for you but this is not true because they would not know your team’s needs. It is ultimately up to your team to set up alerts that create an observability strategy. Those who invest time into setting this up get the most ROI from New Relic. Engineers need to figure out what metrics are important to them.

About New Relic One:

This was made to be a singular observability platform where people can correlate various pieces of data to get more context making the work easy for engineers. The goal was to help engineers to find the information they need as fast as possible, especially during a crisis.

This kind of third-party solution is much more applicable for processing millions of logs or larger data, compared to native tools. It also provides a large amount of expertise around observability and curated experiences around machine-generated data.

The future seems to have customers tilting towards open-source observability solutions. OpenTelemetry is one example of this, as it brings together all observability offerings in open source in a whole stack observability experience.

Visit the New Relic website to learn more about it. To learn more about ways to use New Relic, check out the New Relic Blogs.

Top Quotes

• “Having so much data and information about your system, you’re able to quickly figure and rule out issues that you may be having that’s causing the issue”
• “A really good practice when we think about controlling cost is getting a really good idea of how you’re actually using the data that you’re collecting”
• “Having structured logs is really helpful when we’re talking about observability”
• “Something that I’ve realized in the tenure that I’ve been working in observability is that when something sounds too good to be true, it probably is”

Rahul Thakkar is the Director and General Manager of Simulation Technologies at Amazon Web Services. Before AWS, he held multiple executive roles at Boeing, Brivo, PIXIA, and DreamWorks Animation. He is an inventor, and global technology executive with a background in cloud computing, distributed and high-performance computing, media and entertainment, film, television, defense and intelligence, aerospace, and access control.

His film credits include Shrek, Antz, and Legend of Bagger Vance. In 2002, he was part of the team that won an Academy Award for Shrek as the Best Animated Feature. Again in 2016, at the 88th Annual Academy Awards, Thakkar received a Technical Achievement Award.

Notes

AWS SimSpace Weaver enables customers to run extremely large-scale spatial simulations without having to manage any of the underlying infrastructure. It also removes the complexity of state management of entities as they move about the simulation. Previously, carrying out such simulations would be done sequentially, in a cumbersome manner over years but now it can be done in parallel in weeks. Different organizations have tried out this functionality for several scenarios and the results have been amazing. This value was largely made possible due to the approach of working with customer feedback.

Rahul’s interest in the cloud came much later in his career which started initially in the R&D department of the Motion Picture industry where he created many of the complex graphics in movies. He later moved into a small start-up that was developing technologies for satellite imagery and mapping, and from here he moved to aerospace. Generally, he observed the problem that it is very expensive for companies to maintain their infrastructure when dealing with simulations. It also would drain resources and distract from the main focus of the company. Eventually, knew he had to use AWS, and now he works with them.

All the other primitive tools within AWS are being consumed to build the service. There is also the ability to write to S3 so that customers can write the simulations out. This helps customers to remember how the simulation played out.

Relating this new service to the metaverse, Rahul believes that when it comes to the metaverse, each organization has its vision of what it should be. However, AWS built the tools to empower these organizations to build their metaverses. Despite the possibility of having competition from Azure or GCP, the focus of AWS would remain on the customer and their needs, innovation on their behalf.

Identifying new problems that the service would be very applicable for is a great challenge that AWS relies on customers for, to help AWS envision where they want to go with the service. There are definitely many companies running simulations but it is hard to predict how many would migrate to the AWS SimSpace Weaver because it is still a new product. Nonetheless, a lot of industries are interested in this new service. These include smart cities, organizations ranging from local to federal or international, logistics and supply chains, large-scale event planning, or any situation where there is a need to simulate a large problem with digital replicas of the real world.

Top Quotes

• “The fact that we worked from the customer backwards is something that allowed us to deliver the kind of value that they’re getting right now with AWS SimSpace Weaver”
• “Each one of these organizations have their own vision of a metaverse”

Christine Yen is the Co-Founder and CEO of Honeycomb. Before founding Honeycomb, she built analytics products at Parse/Facebook and loved writing software to separate signals from noise. Christine delights in being a developer in a room full of ops folks. Outside of work, Christine is kept busy by her two dogs and wants your sci-fi & fantasy book recommendations.

Notes

Honeycomb is an observability platform that helps customers understand why their code is behaving differently from what they expected. The inspiration behind this software came after Christine’s previous company was acquired by Facebook and they realized how software made it very easy to identify problems in large code data within a short time. This encouraged them to build the tool and make it available to all engineers.

If the first wave of DevOps was Ops-people learning how to automate their working code, the second wave would be helping developers learn to operate their code. Honeycomb is designed intentionally to ensure that all types of engineers can make sense of the tool.

Honeycomb has always come up with ways for customers to use AWS products and get the data reflected in Honeycomb to be manipulated. Over the last few months, they have ensured that it is possible for clients to plug into CloudWatch Log and CloudWatch metrics, and redirect data directly from AWS products into Honeycomb instead. Clients can also use Honeycomb to extract data based on what their applications are doing. This applies to performance optimization, experimentation, or any situation where a company wants to try a code to see how it performs on production. The focus remains on the application layer. Before Honeycomb, no one was using observability in this context.

The pricing of Honeycomb is based on the volume of data, which makes it predictable and understandable. Unlike when the pricing scale is based on the fidelity of the data, which can be quite expensive.

Challenges within the observability space: The question is how to help new engineers learn from the seasoned engineers on the team through paper trails left by the seasoned engineers. This is a problem that can only be solved by enabling teams to orient new engineers on their systems without having to create another question as part of the code.

Building an AI Approach in Honeycomb may not be suitable because of the context involved, since training effective machine learning models relies on a vast amount of easily classifiable data and this does not apply in the world of software; every engineering team’s systems are different from every other engineering team’s systems. Honeycomb is interested in using Al to build these models in order to help users know what questions to ask.

With Honeycomb, usage patterns are much more dependent on the curiosity and proficiency of the engineering team; while some engineers who are used to getting answers directly may just leave the software, those who have a culture of asking questions will benefit more from it.

Top Quotes

• “Not having to predict ahead of time what matters, is making such a difference in our ability as engineers to get ahead of issues, identify them quickly, resolve them”
• “We’re out of a world where any individual engineer holds the entire system in their head”
• “Observability is the only way forward as we make our worlds ever less predictable”

Anthony shares his insight on the importance of embracing disruption in the tech industry. He discusses how NetApp seized the right opportunities, got lucky, and came to dominate the Cloud space — even while younger app developers may have no idea what it was.

“They don’t comprehend — nor should they — the complexities of infrastructure,” Anthony explains. “And I really love the fact that we’ve been able to democratize ONTAP, because it’s cool, but you’ve got to be really smart to get the best out of it. And so we just decided we would be the smart ones.”

What’s really behind innovation in tech? “The context is where you are. And people like to think that the world operates through evolution. And sometimes it’s revolution –- sometimes, you have to do something radically different.”

Anthony also discusses cloud computing trends, the importance of customer focus, what NetApp does differently, and the multi-cloud.

Featured Guest

Name: Anthony Lye

What he does: Anthony is Executive Vice President and General Manager of the Public Cloud Services business for NetApp

Key quote: “You’ve got to put the customer in the middle of your business. And you’ve got to go where they want you to go. If you don’t, your hold may last a while, but it won’t last. And I still can’t believe that what we did we got away with, and we’ve gotten so much time to build so aggressively. It’s great.” 

Where to find him: LinkedIn

Key Takeaways

• There are two halves of the cloud space: the IT half and the app half. IT people see huge opportunities in extending data centers. App people want to and can build and run their own stacks, and Anthony took advantage of this. “They don’t have to wait for the IT people,” Anthony says. “And I wanted to build something for them — I didn’t want to just hang out on the IT side. I went and asked a whole bunch of application people: what do you need?”
• NetApp spies huge business growth potential on the horizon with recurring revenues. “Recurring revenues are the best kinds of revenues you can get,” Anthony clarifies. But people don’t always consider this. “Because they’re different, they sort of ignore them — they don’t like them. And before they know it, they’re years behind and caught. And passed as if they’re standing still.” 
• The customer is and always should be focused on as front and center of any business. For NetApp, the software and implementation are the same, but the unique integrations are what makes the service stand out. With SaaS, it’s now the second “S” — the service — that matters most. “The rule of SaaS is the other Henry Ford thing: you can have it in any color you want, as long as it’s black,” Anthony says. “We’re going to run it for you as a service, and you’re going to love it”, NetApp tells customers, increasing developer productivity and providing a much higher release cadence.

Resources

Here’s what was mentioned in the episode

• ARM: the most widely used family of instruction set architectures with over 200 billion ARM chips produced. 
• CloudCheckr: an end-to-end cloud management platform with cost, security, resource and service functionality.
full 16 https://cdn.thecloudpod.net/2022/04/22221532/tcptalk-anthony-lye.jpg TCP Talks: The Service Not the Software: Anthony Lye on Evolution and Revolution false no 01:02:38 No no https://www.thecloudpod.net/podcast/it-service-management-jonathan-heiliger/ Wed, 03 Nov 2021 17:55:35 +0000 https://www.thecloudpod.net/?post_type=podcast&p=3365 In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Jonathan Heiliger, co-founder and partner at Vertex Ventures: an early-stage venture capital firm backing innovative technology entrepreneurs. 

Earlier in his career, at just 19, Jonathan co-founded web hosting provider GlobalCenter and served as CTO. He went on to hold engineering roles at Walmart and Danger, Inc., the latter of which was acquired by Microsoft. He was also Vice President of Infrastructure and Operations at Facebook (now Meta), and a general partner at North Bridge Ventures. The latter firm’s portfolio included Quora, Periscope, and Lytro (which has been acquired by Google.)

At Vertex Ventures, Jonathan has helped cutting-edge companies like LaunchDarkly and OpsLevel revolutionize the tech space with continuous delivery and IT service management solutions. Jonathan shares his insights into the shifting market of IT services and explains why decentralizing infrastructure management can help digitally native companies operate at a faster pace.

According to Jonathan, the question of IT service infrastructure isn’t being adequately addressed. Without properly defining service ownership, businesses looking to scale run the risk of siloing critical knowledge, and losing track of services networks. 

Jonathan also discusses his own experiences running infrastructure at Facebook (oops, Meta), the merits of both centralized and decentralized IT services management, and how he and his partners at Vertex Ventures approach new investments.  

Featured Guest

Name: Jonathan Heiliger

What he does: Jonathan is a co-founder and partner at Vertex Ventures, an early stage venture capital firm that backs B2B software entrepreneurs. He held his first CTO role at 19, and has previously worked for Walmart; Danger, Inc.; Facebook (soon to be known as Meta); and North Bridge Ventures.

Key quote: “We need systems to help us build bridges from the world of paper-based and in-memory to scaling to tens and then hundreds of microservices. It’s that pain point of tracking all the info about apps and their services, dependencies, ownership and versions that I think is this big problem lurking below the surface.”

Where to find him: LinkedIn | Twitter 

Key Takeaways 

As companies rely on an increasing number of IT services, Jonathan says that it’s imperative that technology leaders establish ownership of IT service management, and meticulously track their software and vendor partners. 

According to Jonathan, this kind of IT management is still done in a fairly rudimentary way, even for larger companies. “Every engineering team — even the most well run engineering orgs — the majority of them use Excel spreadsheets to track who owns what service, and even what services may talk to one another,” he says. He sees this as a big problem that’s going to catch up with companies one day.

When considering whether a centralized or decentralized IT management service infrastructure is best for you, Jonathan suggests doing a deep dive on your business objectives. 

For example, digitally native businesses, which rely on a vast network of microservices, might work better with a decentralized infrastructure. Non-digitally native brands, on the other hand, might benefit from a centralized system to ensure continuity in the technology. 

Avoiding vendor lock-in — i.e. becoming too dependent on a single service provider — is critical in keeping your business flexible and agile, but it can]]> full https://cdn.thecloudpod.net/2021/11/03105009/TCPTalk-Jonathan-Heiliger.jpg TCP Talks: From Monolith to Microservices: Jonathan Heiliger on Modern IT Service Management false no 00:49:35 No no https://www.thecloudpod.net/podcast/how-security-automation-is-changing-the-game-in-the-cloud/ Tue, 26 Oct 2021 05:54:14 +0000 https://www.thecloudpod.net/?post_type=podcast&p=2411 In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Josh Stella, co-founder and CEO of Fugue, a cloud security company that helps businesses run faster on the cloud without breaking any rules. 

Josh shares insights from Fugue’s State of Cloud Security 2021 Report, and highlights key themes, including preventative security measures, automation, and engineering-first compliance. 

According to the report, within the next two years, all but 1% of security breaches will be caused by misconfiguration of cloud resources. Josh and his team at Fugue aim to minimize these mistakes by simplifying cloud security through a systems-based approach.

One way to streamline security, Josh notes, is to take advantage of automation. With cloud environments becoming increasingly complex, relying on pure knowledge will soon be untenable. Josh urges business leaders to embrace automation to reduce the risk of human error in their security systems. 

Josh also discusses how businesses can declutter security tech stacks, the “land grab” happening in the cloud, and trends he predicts will shape the future of cloud compliance. 

Featured Guest

Name: Josh Stella 

What he does: Josh is the co-founder and CEO at Fugue, a cloud security company on a mission to help businesses move faster by ensuring safe cloud environments. He has over a decade of experience in the cloud security space, including positions at Amazon Web Services and in national security. 

Key quote: “If Fugue as a software vendor and as domain experts in cloud security can’t make your job a lot easier through tooling, then we’re not doing our job.”

Where to find him: LinkedIn | Twitter | YouTube

Key Takeaways 

While compiling the State of Cloud Security 2021 Report, Josh and his team at Fugue interviewed over 300 organizations. They found that as cloud environments have grown and become more complex, organizations are seeing more instances of misconfigurations. 

According to the report, 49% of respondents experienced over 50 misconfigurations per day. Another interesting detail: For the first time since Fugue started compiling its annual report, Identity and Access Management (IAM) was the number one concern regarding misconfigurations.

Josh argues that automation is the next step in making cloud environments more secure. Fugue aims to make security automation easy by providing pre-built rules and templates to automatically check code and monitor deployments. 

Looking forward, Josh is optimistic that automation will become a key piece in enterprise cloud security. “The thing I would like to see a change in is the attitude that security problems are because people are screwing up … [I would like to see people] thinking about how to actually solve these problems, which is through computer science and automation,” he says.

One way to enable automation is to put engineering departments in charge of compliance, as opposed to traditional security teams. According to the State of Cloud Security 2021 Report, more than 66% of businesses are delegating security policy to engineering teams — a trend Josh hopes to see continue. 

He says that today, engineering and DevOps teams work so fast security teams struggle to keep pace. Businesses that haven’t moved responsibility for security over to these teams are more likely to experience those potentially dangerous misconfigurations. 

Resources

Here’s what was mentioned in the ep]]> full https://cdn.thecloudpod.net/2021/10/13151742/TCPTalk-josh-stella.jpg TCP Talks: Josh Stella on How Security Automation is Changing the Game in the Cloud false no 00:50:11 No no https://www.thecloudpod.net/podcast/solutions-architect-to-sada-cto-miles-ward-on-how-and-why-the-google-cloud-has-the-edge/ Tue, 13 Apr 2021 16:17:30 +0000 https://www.thecloudpod.net/?post_type=podcast&p=1283 In this episode of TCP Talks, Justin Brodley and Jonathan Baker talk with Miles Ward, the founder of the Google Cloud’s Solutions Architecture practice. Currently, Miles leads the cloud strategy and solutions capabilities as the Chief Technology Officer for consulting and IT services company SADA.

Startups have helped increase the popularity of open source products among enterprise businesses. Changing systems can be a struggle for larger, more traditional companies. But legacy businesses also want to accomplish more in a shorter amount of time, which requires shedding clunky, legacy systems. 

“Those building blocks make it so that companies operate at a certain rate of change. And I know zero companies asking me to slow down their rate of change,” he notes. 

The evolution of product compatibility is also discussed.  Product sellers need to help customers understand how much of their system fits and how much doesn’t fit in one solution compared to another, Miles says. Customers need to have a clear understanding of what’s involved and how much work it’s going to be.  

In addition, Miles shares his thoughts on the role of the CTO as well as the benefits of rebranding a product everybody hates.

Featured Guest

Name: Miles Ward

What he does: As CTO of SADA, Miles leads the cloud strategy and solutions capabilities. His remit includes delivering next-generation solutions to challenges in big data and analytics, application migration, infrastructure automation, and cost optimization; and engaging with customers on their most complex and ambitious plans around Google Cloud. 

Key quote: “There used to be big crunchy legacy impediments to adoption… But it’s 2021 — live in the future, that shit works. Now it’s more about making it easy enough and predictable enough to consume that folks can unlock the business justification.” 

Where to find him: LinkedIn | Twitter

Key Takeaways

• Gone are the days when products from different technology providers, like Oracle or SAP, couldn’t work together to solve a customer problem. These days, companies need to make products easy and predictable enough so customers can unlock the business justification straight away.
• For Google Cloud, the next phase of growth will require investment in higher-level relationships with customers. Miles references his experience with current Google Cloud CEO Thomas Kurian (TK).   
• “TK is super focused about spending the majority of his time face to face with customers,” he says. “He’s not doing it to be a glad-hand, he’s deal making and proposal pushing and thinking through the machinery of how to build higher level relationships.” 
• There’s a huge opportunity to help the “the real world divisions inside of real world businesses”  — not just serve the IT department.
• Miles says, “I think there’s a bunch of cloud providers that are working really hard now to facilitate the plumbing and governance and oversight and security controls and operational management of what is — not a hybrid between their data center, and a cloud — a hybrid between their SaaS fleet and the couple of things they still need to run on their own.”
• Worried about leveraging a Google solution and then having them pull the plug on it? Miles doesn’t think you should be too concerned about deprecation. 
• “I think they have heard this feedback really loud and clear,” he says.  “There’s a whole bunch of people that have made it really obvious that if you’re going to provide these ]]> full https://cdn.thecloudpod.net/2021/04/13085849/TCPTalk-Miles-Ward-Sada.jpg Solutions Architect To SADA CTO: Miles Ward on how and why the Google Cloud has the edge false no 00:57:36 No no https://www.thecloudpod.net/podcast/tcp-talks-with-mark-curphey-from-open-raven-getting-the-birds-eye-view-of-your-cloud-data-security/ Mon, 11 Jan 2021 07:00:01 +0000 https://www.thecloudpod.net/?post_type=podcast&p=1150 Note: This interview is part of a paid sponsorship between Open Raven and The Cloud Pod. 

  In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Mark Curphey, Chief Product Office and Co-Founder of Open Raven, a fully integrated platform for security and privacy workflows.

  Featured Guest

  Name: Mark Curphey

  What he does: Mark is Chief Product Officer and Co-Founder of Open Raven.

  Where to find him: LinkedIn | Twitter

  Listen to Mark discuss the Open Raven strategy for protecting your data, the use of serverless workflows to scale to enormous workloads. Protecting your data and ensuring compliance using the Open Policy Agent – and more.

  Key Points

  Discover – Classify – Monitor – Protect

  “The cloud has moved in incredibly fast; security has been moved off to the side and as a result companies don’t know where their data is, breaches are happening constantly, and these are the big things that get companies in the press.”

  Macie

  “Every single customer that we spoke to in the early stages said, a) It doesn’t work b) It’s ridiculously expensive, and c) It’s only on s3 buckets. Well, whilst The Register is always reporting breaches of S3 buckets, my customer data is in RDS! That’s a real piece of the problem for me; sure, it’s popular, but I shouldn’t just be thinking about trying to protect myself from getting on The Register.”

  Part of the challenge is that data is not one thing… I may have a name, I may have an address, I may have a card number. There are all sorts of different parameters, and the data could be stored in multiple ways. So you have the concept of like data adjacency; If I have a CCV number, and expiry date and name associated to it that might be something which is real.

  With Macie, even if you just use the straight matching techniques, you don’t have control over the adjacency thing, so that’s why a lot of the basic trivial cases get completely missed.

  Security at the edge?

  “If you are protecting data in the cloud, you have to wire the tools into the cloud to understand which IAM has access, which routes, which security groups can give you access? That’s the only way to understand the context to protect it. You can’t do it in some sort of edge device.”

   Getting started with Open Raven

  Visit openraven.com to get a 15 day trial. Spin up a SaaS instance and go play.

  “We already think we’re a better choice than Macie, but don’t think that’s the end goal. Come partner with us, work with us on the end goal, because those are things that we love; solving massive, complex, and interesting problems.”

  https://www.openraven.com/thecloudpod

  ]]> full https://cdn.thecloudpod.net/2021/01/10104040/TCP-Talks-Feature-curphey.jpg Mark Curphey from Open Raven: Getting the birds-eye view of cloud data security false no 00:38:25 No no https://www.thecloudpod.net/podcast/1023/ Fri, 06 Nov 2020 14:00:14 +0000 https://www.thecloudpod.net/?post_type=podcast&p=1023 In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Forrest Brazeal, a Senior Manager at A Cloud Guru, a cloud education platform that has attracted more than two million students. A Cloud Guru offers full certification training and technical deep dives for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and more.

  Forrest talks about why companies need to invest in training to reap the benefits of “cloud fluency,” and how A Cloud Guru is contributing to cloud adoption success at Fortune 500 companies. 

  While discussing knowledge gaps, Forrest highlights how important it is to clearly identify which cloud services and knowledge areas you’re going to become certified in to avoid missing important high level areas. 

  “Going through the certification training and prep really helps you to avoid those blind spots that will keep you from speaking effectively to the other teams that you work with,” says Forrest. 

  Featured Guest

  • Name: Forrest Brazeal
  • What he does: Forrest is a Senior Manager at cloud learning platform A Cloud Guru.
  • Key quote: “When I look at people who are going from the data center to the cloud today, they are thinking about the cloud as something that’s going to take undifferentiated heavy lifting away from them.”
  • Where to find him: LinkedIn l Twitter | Personal Website

  Key Takeaways

  • Be strategic with your cloud certifications. If you’re trying to reach a certain number of certifications, make sure you have a plan or you might end up with gaps in your knowledge. “It’s so easy to do, right?” Forrest says, “as I’m sitting on one team, and I’m touching one technology all the time, I could go two, three, four years and never know anything about networking because all I’m doing is databases, right? Or never know anything about compute, because all I’m doing is storage. Going through the certification training prep really helps you to avoid those blind spots that will keep you from speaking effectively to the other teams that you work with.”  
  • College grads beware: Just because you have a Computer Science degree doesn’t mean you’ll just be writing algorithms all day. If you’re looking at a career in programming, the day to day job includes negotiating with people and figuring out what requirements of the business are – not just writing algorithms. Forrest says  “it’s figuring out requirements, and it’s writing the same line of code and then deleting it because it turns out the business requirement changed.” 
  • Scaling to zero, where a function can be reduced down to zero replicas when idle and brought back to the required amount of replicas when needed, is one example of how the underlying principles adopted by the serverless community that might have been considered “radical” five or six years ago is now seen as welcome wisdom in the broader cloud community. The term, “serverless,” might be retired eventually, but the fundamental principles will remain and evolve into “cloud native.” 

  Here’s what was mentioned in the episode

  • Microsoft Azure: Cloud Computing Services
  • AWS: Amazon Web Services
  • Google Cloud Platform]]> full 11 https://cdn.thecloudpod.net/2020/11/05101729/TCP-Talks-Feature-forrest.jpg Get Your Hands Cloudy with Forrest Brazeal from A Cloud Guru – Episode 11 false no 00:36:03 No no https://www.thecloudpod.net/podcast/protera-patrick/ Tue, 15 Sep 2020 12:00:49 +0000 https://www.thecloudpod.net/?post_type=podcast&p=949 Note: This interview is part of a paid sponsorship between Protera and The Cloud Pod. 

    In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Patrick Osterhaus, CTO and Founder of Protera Technologies, a preeminent provider for SAP and cloud managed services.

    Patrick discusses how the cloud, COVID-19, and work-from-home are influencing SAP and legacy enterprise software packages today, and Protera’s goal to provide the very best SAP services available on the cloud.

    Covering issues around migration to SAP, Patrick takes the opportunity to reflect on Protera’s history, while also addressing corporate IT integration. “We call this the transformation journey-site assessment, specific to each client’s needs, looking beyond SAP to the SAP systems, we use a tool we call [Protera] FlexBridgeSM,” notes Patrick.

    Featured Guest

    Name: Patrick Osterhaus

    What he does: Patrick is CTO and Founder of Protera Technologies.

    Key quote: “The complexity of moving to public cloud is getting those non-cloud native applications into the cloud, and then looking at the transformation of those applications once they’re in the cloud.”

    Where to find him: LinkedIn | Twitter 

    Key Takeaways

    The best way to prepare for cloud migration is what Patrick calls “the journey,” which involves a site assessment of the customer environment and understanding how everything on-premise, or in a hybrid environment, is working together.

    COVID-19 has accelerated migration to the cloud and has forced companies to plan their disaster recovery systems. Patrick says businesses aren’t just thinking about their earpiece systems — the thinking extends to ancillary systems like CRMs and web access systems — “all these systems to be connected and have it fully available in the cloud as a backup.”  He adds, “We’ve seen a natural interest in what is good practice,” which is to have a protection plan for critical SAP applications.

    Working with many compliance-heavy industries, such as financial or military and defense clients, Protera stresses has learned the importance of not only application security, but also the physical security necessary around data centers. He says the discussing the real-world protection of data centers — “who owns the data, how it’s governed, how it’s protected” — is important to raise with the client. 

    Resources Here’s what was mentioned in the episode

    SAP: Systems in Application Products and Data Processing

    “What is DevOps?“: An AWS blog post explaining the DevOps model

    Microsoft Azure: Cloud Computing Services

    Amazon Redshift: Cloud Co]]> full https://cdn.thecloudpod.net/2020/09/14114207/TCP-Talks-Feature-Patrick.jpg TCP Talks: SAP Cloud Migrations with Protera CTO, Patrick Osterhaus false no 00:38:01 No no https://www.thecloudpod.net/podcast/tcp-talks-cloud-wisdom-with-bart-castle/ Tue, 11 Aug 2020 01:00:17 +0000 https://www.thecloudpod.net/?post_type=podcast&p=918 In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Bart Castle, an AWS and cloud computing trainer and media personality. Bart works with IT training company CBT Nuggets and also does cloud-migration consulting projects. 

    Bart shares the patterns he seems based on training demand and also advises how to decide which certification to go for next. He discusses the importance of solving business problems that will help achieve the business’ goals while retooling and transforming systems.

    “At this point in my career, every technical conversation that I have is always paired up with a business value conversation,” he notes.

    But how should a data team shift focus to better solve business problems? He suggests looking for patterns. Uncovering patterns can help determine actionable steps to maximize efficiency and enable new business opportunities.

    Bart also discusses cloud computing trends, CloudFormation stacking, hybrid deployments, and containers.

    Featured Guest

    • Name: Bart Castle
    • What he does: Bart is a cloud computing and AWS expert and technical trainer, as well as a consultant. 
    • Key quote: “In the end, we’re still looking for those tools that will bridge gaps. This is why, for me, being an integrations professional and getting what integration means is skill number one across all different arenas. Everywhere you look, it’s an integration problem.” 
    • Where to find him: LinkedIn | Twitter | YouTube

    Key Takeaways

    • When thinking about all the different training options, Bart suggests pursuing the certification that would help you land a specific job or role. If you’re not sure what your next job might be, look at SysOps administration first since it is closest to traditional network help desk operations support roles.
    • Based on his training background, Bart sees a rising interest in network automation. Many teams are working with various vendors to address networking and connectivity and to make the transition from command line administration to Python automation. 

    “A lot of what I’m seeing here is the switch from real deep specialty to real broad generalization, and that can be an overwhelming bite to take when you look at how much information there is to consume,” says Bart. 

    • Learning how the tools work is the easy part, but you have to dig deeper to make it work for your specific business use case. Bart recommends looking for white papers, as well as case studies and blog posts. Communities (like TCP!) can also point you in the right direction.  

    Bart says, “Once you get those examples of how a piece of input data with the right transformation with this pairing of reporting can solve this problem — now, you’re putting tools in your belt that are going beyond just using the tools, and how to actually solve business problems with them.”

    Here’s what was mentioned in the episode

    CBT Nuggets: provides in-demand training, primarily in IT, project management, and office productivity topics.

    Amazon Simple Storage Service (S3): a cloud object storage service. 

    “What is DevOps?“: an AWS blog explaining the DevOps]]> full 9 https://cdn.thecloudpod.net/2020/08/08112804/TCP-Talks-Feature-bart.jpg TCP Talks: Cloud Wisdom with Bart Castle false no 00:49:04 No no https://www.thecloudpod.net/podcast/tcp-talks-with-aqua-securitys-liz-rice/ Sun, 26 Jul 2020 20:10:22 +0000 https://www.thecloudpod.net/?post_type=podcast&p=907 In this TCP Talks episode, Justin Brodley and Jonathan Baker chat with Liz Rice, VP of open source engineering for Aqua Security, which provides tools to secure cloud-native deployments. 

    Liz describes Aqua’s evolution over the years: From a provider of container security to its acquisition of CloudSploit and its development of open-source security solutions. Most customers are using cloud native software, and Aqua wants to secure those workloads and engage that community. 

    “As a business, we have to be where the discussions are. Having open-source tools that are genuinely useful gives us a good way to participate in that community,” Liz explains. 

    In addition to her role at Aqua Security, she is the chair on the CloudNative Computing Foundation‘s (CNCF) Technical Oversight Committee. During the conversation, Liz gives an overview of how they handle projects.

    Key Takeaways

    • Open source tools offer an entry point into communities. “As a business, we have to be there — we have to be where the discussions are. And having open source tools and solutions that are genuinely useful gives us a good way of participating in that community,” Liz says of the value of Aqua developing open-source tools. The company’s Starboard toolkit for finding risks in Kubernetes workloads and environments is a recent example.
    • Liz discusses Starboard’s comparative advantage — it integrates existing Kubernetes tools, not just from Aqua but also from third-parties, into the Kubernetes experience. “You can run Trivy through Starboard and your results are right there next to the workload you’re interested in,” she says. 
    • Liz discusses CNCF’s role with Kubernetes and beyond. “Google today contributes tons of time, energy, and engineering hours into Kubernetes. If tomorrow they were to decide they were going to walk away, Kubernetes still exists, and it would do so because of the CNCF and its participants,” she explains. 

    Resources 

    Here’s what was mentioned in the episode

    • “Container Security: Fundamental Technology Concepts that Protect Containerized Applications“: Liz Rice’s book.
    • Aqua Security: a company that delivered security solutions for applications.
    • Cloud Native Computing Foundation: CNCF serves as the vendor-neutral home for many of the fastest-growing open-source projects, including Kubernetes, Prometheus, and Envoy.
    • CloudSploit: security scanner for cloud accounts.
    • Trivy: vulnerability scanner for container images.
    • Starboard: makes security information available across the Kubernetes API in a native way.
    • Prometheus: an open-source metrics-based monitoring system.
    • Istio: Google’s open-source independent service mesh allows companies to connect, monitor, and secure mic]]> full 8 https://cdn.thecloudpod.net/2020/07/26114524/TCP-Talks-Feature-Liz.jpg TCP Talks with Aqua Security’s Liz Rice false no 00:33:18 No no https://www.thecloudpod.net/podcast/tcp-talks-with-amiram-shachar-reducing-cost-and-complexity-of-the-cloud-with-spot/ Mon, 08 Jun 2020 19:53:08 +0000 https://www.thecloudpod.net/?post_type=podcast&p=834 In this episode of TCP-Talks we chat with Amiram Shachar, founder and CEO of Spot, which aims to help its customers reduce complexity and compute costs by up to 90% in the AWS, GCP and Azure clouds.

      We talk about the impact on the spot pricing market, and the differences between the AWS, GCP and Azure approach to spot pricing and delivery, and whether customers are asking for multi cloud solutions.

      Amiram discusses the problems Spot solves, why they chose to partner with NetApp and reveal the mystery of the rebrand from Spotinst, then takes us on a deeper dive into Spot’s Ocean, a Serverless Infrastructure Engine for Containers,.

      ]]> full https://cdn.thecloudpod.net/2020/06/08121433/TCP-Talks-spt.jpg TCP-Talks with Amiram Shachar: Reducing cost and complexity of the cloud with Spot false no 00:28:56 No no https://www.thecloudpod.net/podcast/tcp-talks-oh-my-sre-aiops-and-observe-a-what/ Fri, 05 Jun 2020 04:34:56 +0000 https://www.thecloudpod.net/?post_type=podcast&p=821 This week Chris Riley DevOps Advocate for Splunk and Podcast Host of Developers Eating the World joins us. We ask the tough questions, like what is Observability exactly? We touch on the risk of robots taking my job, with AI-Ops, and if it is marketing buzzwords or a product. Plus the mad rush to SRE all the NOCs, because GOOGLE DOES IT and more on TCP-Talks.

      Twitter: https://twitter.com/hoardinginfo 

      Developers Eating the World Podcast

      ]]> full https://cdn.thecloudpod.net/2020/05/28161028/criley-Feature.jpg TCP-Talks: Oh my! SRE, AIOps and Observe-a-what? false no 00:37:27 No no https://www.thecloudpod.net/podcast/tcp-talks-the-unknown-unknowns-of-cloud-security-with-josh-stella-from-fugue-co/ Fri, 15 May 2020 22:25:08 +0000 https://www.thecloudpod.net/?post_type=podcast&p=800 Josh Stella (twitter: @joshstella) joins us to talk about the state of cloud security. We discuss Fugue’s new report, the complexity and challenges of IAM, and the most common cloud misconfiguration aren’t always the ones you would expect.

      Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies. Our solution identifies cloud infrastructure security risks and compliance violations and ensures that they are never repeated. Fugue provides baseline drift detection and automated remediation to eliminate data breaches, and powerful visualization and reporting tools to easily demonstrate compliance.

      ]]> full 5 https://cdn.thecloudpod.net/2020/05/15151506/JoshStella.png TCP-Talks: The unknown unknowns of cloud security with Josh Stella from Fugue.co false no 00:45:09 No no https://www.thecloudpod.net/podcast/tcp-talks-knative-in-action-with-jacques-chester-ep4/ Thu, 30 Apr 2020 20:48:23 +0000 https://www.thecloudpod.net/?post_type=podcast&p=785 Jacques Chester author of Knative In Action and Principal engineer at Pivotal joins us to educate us on Knative.  Knative is an open-source tool to run functions as a service on top of Kubernetes and is gaining popularity in Kubernetes deployments.  Learn all about Knative, Kubernetes maturity, Googles involvement in Knative, and more.

      If you are are interested in checking out Knative in Action, I have a coupon code for you to save today on any Manning press publication including Knative in Action!

      https://www.manning.com/books/knative-in-action?query=Knative%20in%20Action 

      Code: podcloud20

      ]]> full 4 https://cdn.thecloudpod.net/2020/04/30132000/Jacques-Chester.png TCP Talks: Knative in Action! with Jacques Chester – Ep4 false no 00:40:57 No no https://www.thecloudpod.net/podcast/tcp-talks-with-ben-kehoe-serverless-hero-episode-3/ Thu, 12 Mar 2020 05:36:29 +0000 https://www.thecloudpod.net/?post_type=podcast&p=591 One of the most exciting cloud computing technologies of the last few years is Serverless computing, whether it be via AWS Lambda, Azure Functions, GCP functions or technologies like K-Native. This week Jonathan and Justin talk to Ben Kehoe Chief Roboticist at iRobot and AWS Serverless hero. We ask Ben the burning questions about Serverless Computing, robotics, AWS and more! Listen today.

       

       

      ]]> bonus https://cdn.thecloudpod.net/2021/02/21192552/benkehoe.png TCP Talks with Ben Kehoe Serverless Hero – Episode 3 false no 00:28:57 No no https://www.thecloudpod.net/podcast/tcp-talks-finops-in-the-cloud-with-rob-martin-bonus-ep-2/ Sun, 23 Feb 2020 22:00:20 +0000 https://www.thecloudpod.net/?post_type=podcast&p=569 The most terrifying part of moving to the cloud isn’t security, migration techniques or learning new infrastructure as code tools, it is managing that pesky cloud bill.  To some CFO’s it might even be downright terrifying.  Join Jonathan and Justin as they talk about all things FinOps with Rob Martin from Apptio (formerly Cloudability) where they discuss cost management techniques, getting help via the Finops Foundation and more.

      A big thanks to TCP-Talks Sponsor:

      • Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning, and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure.

       

      ]]> bonus https://cdn.thecloudpod.net/2020/02/21192554/tcptalks-robmartin.jpg TCP Talks: Finops in the cloud with Rob Martin – Bonus Ep 2 false no 00:38:36 No no https://www.thecloudpod.net/podcast/tcp-talks-bring-order-to-your-monitoring-with-mike-kelly-bonus-ep1/ Tue, 04 Feb 2020 18:25:14 +0000 https://www.thecloudpod.net/?post_type=podcast&p=550 Justin Brodley and Jonathan Baker kick off our new TCP Talks bonus episodes with a chat with Mike Kelly, CTO at Blue Medora. Monitoring can be hard on-premises or in the cloud. As a result, it can be downright scary with multi-cloud strategies, hybrid cloud, and legacy tools. Bring order chaos, by centralizing the management of metrics and logs. From solving out of disk space alerts to building observability techniques, Stackdriver and Bindplane can help.  Adopting these practices and principals will help your Observability and SRE teams in the cloud.
      ]]> bonus https://cdn.thecloudpod.net/2020/02/21192555/tcptalk-mike-kelly.png TCP Talks: Bring Order to your Monitoring with Mike Kelly – Bonus Ep1 false no 00:24:31 No no